In message <CAL89Sg+XDKc=_6UWosAZ=wyPJb9tm2GaN0-vDk8Kyiji+vEUUQ@mail.gmail.com>, Tom Paseka writes:
On Tue, Mar 26, 2013 at 7:04 PM, Matthew Petach <mpetach@netflight.com> wrote:
On Tue, Mar 26, 2013 at 6:06 PM, John Levine <johnl@iecc.com> wrote:
As a white-hat attempting to find problems to address through legitimate means, how do you ...
You make friends with people with busy authoritative servers and see who's querying them.
I'm confused. Don't most authoritative servers have to answer to just about anyone in order to be useful?
Matt
Authoritative DNS servers need to implement rate limiting (a client shouldn't query you twice for the same thing within its TTL).
You are assuming that there is a recursive server making the queries and that there are not multiple recursive servers behind a NAT. Neither of these assumptions is true in practice and with the deployment of CGNs these will become less true. I have two recursive servers at home behind a NAT today. Both do DNSSEC.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
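
The NAT objection above, worked through as an added example (not part of the original thread): the rule "no repeat of the same query within its TTL" is evaluated once per real resolver and once per source IP, which is all the authoritative server can see. The addresses, names, TTL and query log are constructed for illustration.

```python
TTL = 300  # seconds; constructed TTL shared by every record in the sample

# Constructed query log: (time_s, resolver, source IP seen by server, qname, qtype).
# r1 and r2 are separate caching, validating resolvers behind one NAT address;
# r3 is a resolver with its own public address.
QUERIES = [
    (0,   "r1", "203.0.113.10", "www.example.com", "A"),
    (5,   "r2", "203.0.113.10", "www.example.com", "A"),
    (6,   "r2", "203.0.113.10", "example.com",     "DNSKEY"),
    (9,   "r1", "203.0.113.10", "example.com",     "DNSKEY"),
    (10,  "r3", "198.51.100.7", "www.example.com", "A"),
    (320, "r3", "198.51.100.7", "www.example.com", "A"),
    (400, "r1", "203.0.113.10", "www.example.com", "A"),
]

RESOLVER, SOURCE_IP = 1, 2  # tuple index used as the client identity


def repeats_within_ttl(queries, identity):
    """Return the queries that repeat (client, qname, qtype) inside the TTL.

    identity=RESOLVER is ground truth (one cache per resolver);
    identity=SOURCE_IP is the authoritative server's view after NAT.
    A flagged query does not restart the window.
    """
    last_answered, flagged = {}, []
    for query in queries:
        time_s, qname, qtype = query[0], query[3].lower(), query[4]
        key = (query[identity], qname, qtype)
        if key in last_answered and time_s - last_answered[key] < TTL:
            flagged.append(query)
        else:
            last_answered[key] = time_s
    return flagged


if __name__ == "__main__":
    # Every resolver honours the TTL, so the ground-truth view flags nothing.
    print("per resolver :", repeats_within_ttl(QUERIES, RESOLVER))
    # Keyed on source IP, the second resolver behind the NAT looks like a
    # client re-asking inside the TTL and would be rate limited.
    for query in repeats_within_ttl(QUERIES, SOURCE_IP):
        print("per source IP:", query)
```
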